Skip to main content
Policies & agreements

Privacy policy

Effective 15 May 2026. Jurisdiction: Queensland, Australia.

01 / Privacy

Introduction

Finlytics Hub respects your privacy. This policy explains, in plain English, what personal information we collect when you visit finlyticshub.com, how we use it, who we share it with, and the rights you have over it. We aim to meet the spirit of the EU General Data Protection Regulation (GDPR) and the Australian Privacy Principles regardless of where you contact us from.

Who we are

Finlytics Hub is a data and AI consultancy based in Brisbane, Queensland, Australia (ABN 26 180 238 328). For privacy enquiries, contact us at info@finlyticshub.com.

What we collect and why

We only collect information you give us, or that is generated as you use the site:

  • Contact and lead-capture forms — your name, work email, company and any message you send us. We use these to reply to you and, where you've asked for one, to send a downloadable strategic guide. We may follow up once or twice with related insights tied to the guide you requested; we won't add you to a regular newsletter unless you opt in, and you can ask us to stop at any time.
  • Booking — if you book a discovery call through our embedded Google Calendar, Google receives your name, email and chosen time. We see the same booking details inside Google Calendar.
  • Usage data — anonymised page-view counts, device type and rough location collected by Vercel Analytics. No cookies are set; you can't be identified from this data.
  • Google Analytics 4 — only loaded after you accept the cookie banner. Captures pseudonymous events to help us understand which pages are useful. GA4 anonymises IP addresses by default; we have not changed that default.
  • Security checks (Cloudflare Turnstile) — a silent bot check runs when you submit a form. Cloudflare may briefly access standard browser signals to confirm you're human; no personal data is stored by us from the check itself.
  • Form rate-limit IPs (Upstash) — when you submit a form, we record your IP address against a short-lived rate-limit counter in Upstash Redis so a single visitor can't spam the contact or download forms. The counter expires automatically after 24 hours and is never used for any other purpose.

Legal basis (GDPR)

Where GDPR applies, we rely on one of these grounds:

  • Consent — for cookies set by Google Analytics 4.
  • Legitimate interest — for replying to your enquiry, sending requested guides, and keeping the site secure and performant.
  • Legal obligation — where we must keep records to meet tax, audit or other regulatory requirements.

Other jurisdictions

Our work spans the GCC, Australia, the United States and the EU/UK, so we treat all visitors to the spirit of the strictest applicable regime. If you contact us from outside the EU/UK or Australia, the same principles apply: you'll find equivalents to most of these rights in your local data-protection law. Regimes most relevant to our practice include the Saudi Arabia Personal Data Protection Law (PDPL), the UK GDPR, the Australian Privacy Act 1988 (including the Australian Privacy Principles), the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA), and the India Digital Personal Data Protection Act (DPDPA). Email info@finlyticshub.com to exercise any equivalent local right; if you're not sure which regime applies to you, we'll work that out with you.

Who we share data with

We don't sell your data. We use a small set of trusted processors who only handle your information on our instructions:

  • SendGrid (Twilio) — sends transactional emails (form replies, guide delivery).
  • Vercel — hosts the site and provides anonymised analytics and speed insights.
  • Cloudflare — bot protection on forms via Turnstile.
  • Google — Calendar (booking) and Analytics 4 (consent-gated only).
  • Upstash — rate-limits abusive form submissions.

How long we keep your data

Form submissions and email correspondence are kept while we have an ongoing interest in being able to reply to you, and for up to seven years after our last contact for tax and audit purposes. Anonymised analytics is retained for up to 14 months. You can ask us to delete your data sooner — see below.

Security

We use HTTPS site-wide, strong authentication on the systems that hold your data, and processors who are themselves certified to recognised security standards. No system on the internet is perfectly secure, so we can't guarantee absolute safety — but we treat your data as if it were our own.

Your rights

Subject to local law, you have the right to ask us to:

  • access a copy of the personal data we hold about you
  • correct anything that's wrong or incomplete
  • delete your data, where there's no legal reason for us to keep it
  • object to or restrict how we use it
  • receive it in a portable format, where applicable
  • withdraw consent for analytics cookies at any time via your browser

To exercise any of these, email info@finlyticshub.com. We'll respond within 30 days. If you're in the EU/UK, you also have the right to complain to your local data protection authority. In Australia, the equivalent is the Office of the Australian Information Commissioner.

International transfers

Our processors are global businesses; your data may be processed in countries outside your own (including the United States and the European Union). Where that happens we rely on standard contractual clauses or the processor's own adequacy mechanisms.

Cookies

For a full breakdown of what's set and when, see our Cookie Policy.

Children's privacy

This site is aimed at business audiences. We don't knowingly collect information from anyone under 16. If you believe a child has sent us their data, contact us and we'll delete it.

Changes to this policy

We may update this policy as our practices evolve. Material changes will be flagged on this page with a fresh effective date.

Contact us

Email info@finlyticshub.com with any privacy question or request.